Disk encryption is a basic data protection method for physical and virtual hard disks. In one of my previous posts, I explained how we can encrypt an Azure Windows VM using Azure Key Vault & BitLocker. That post can be accessed via http://www.rebeladmin.com/2019/09/step-step-guide-encrypt-azure-windows-vm-using-bitlocker-powershell-guide/ . Similarly, we can also encrypt an Azure Linux VM by using Azure Key Vault & dm-crypt. In this post, I am going to demonstrate how we can encrypt an Azure Linux VM.
Things to Consider
Before we move forward, make sure your Azure VM configuration complies with the following:
• Azure disk encryption for Linux VMs only works if you are running an Azure-endorsed Linux distribution such as:
Ubuntu 14.04.5, 16.04, 18.04
RHEL 6.7, 6.8, 7.2, 7.3, 7.4, 7.5, 7.6
CentOS 6.8, 7.2n, 7.3, 7.4, 7.5, 7.6
SLES 12-SP3, 12-SP4
• If you are encrypting the OS & data volumes in a Linux VM and its root (/) file system usage is 4GB or less, you need a minimum of 8GB of RAM. If the root (/) file system usage is more than 4GB, the VM needs RAM of 2 * (root file system usage). This is only required during the initial encryption process.
• The Azure Linux VM must have the dm-crypt & vfat modules running.
• Data disks of the Linux VM that require encryption must be listed correctly in /etc/fstab.
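The RAM, kernel module and /etc/fstab prerequisites above can be checked on the Linux VM itself before encryption is started. The script below is an added example, not part of the original post or of Microsoft's tooling; the function names, the --run switch and the 10% RAM slack are assumptions made for this example.

```shell
#!/bin/sh
# Preflight for the Azure disk encryption prerequisites listed above.
# Helper names and the optional file arguments are hypothetical (example only).

# Minimum RAM in KB for OS + data volume encryption, given root (/) usage in KB:
# 8 GB when usage is 4 GB or less, otherwise 2 * usage.
required_ram_kb() {
    if [ "$1" -le $((4 * 1024 * 1024)) ]; then
        echo $((8 * 1024 * 1024))
    else
        echo $(($1 * 2))
    fi
}

# True if module $1 is listed in a /proc/modules-style file ($2).
# The kernel lists dm-crypt as "dm_crypt". A driver compiled into the kernel
# is not listed at all, so a miss here means "verify manually", not "absent".
module_loaded() {
    grep -q "^$1 " "${2:-/proc/modules}"
}

# True if mount point $1 has a non-comment entry in an fstab-style file ($2).
fstab_has_mount() {
    awk -v mp="$1" '$1 !~ /^#/ && $2 == mp { ok = 1 } END { exit !ok }' \
        "${2:-/etc/fstab}"
}

# Run all checks on the live system. Arguments: data disk mount points.
preflight() {
    rc=0
    used=$(df -Pk / | awk 'NR == 2 { print $3 }')
    mem=$(awk '/^MemTotal:/ { print $2 }' /proc/meminfo)
    need=$(required_ram_kb "$used")
    # MemTotal excludes kernel-reserved memory, so an 8 GB VM reports less
    # than 8388608 KB; the 10% slack is an assumption of this example.
    if [ "$mem" -lt $((need * 9 / 10)) ]; then
        echo "FAIL: RAM is ${mem} KB, about ${need} KB needed"; rc=1
    fi
    for m in dm_crypt vfat; do
        module_loaded "$m" || { echo "FAIL: module $m not loaded"; rc=1; }
    done
    for mp in "$@"; do
        fstab_has_mount "$mp" || { echo "FAIL: $mp not in /etc/fstab"; rc=1; }
    done
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then shift; preflight "$@"; fi
```

Saved under a name of your choice, it runs on the VM with --run followed by the mount points of the data disks to be encrypted, and exits non-zero if any check fails.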
In this demo, I will be using PowerShell. Therefore, please make sure you have the Azure PowerShell module installed. More information about it can be found at https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-2.6.0
Setup Resource Group
The first step of the configuration is to create a new resource group.
To do that,
1. Launch the PowerShell console and connect to Azure using Connect-AzAccount
2. Then create a new resource group using,
New-AzResourceGroup -Name REBELRG1 -Location "East US"
In the above, REBELRG1 is the resource group name and East US is the resource group location.